CVE-2017-14151

Name of the Vulnerable Software and Affected Versions OpenJPEG version 2.2.0

Description A heap-based buffer overflow issue was found due to an off-by-one error in the opj tcd code block enc allocate data function, potentially leading to remote denial of service or possibly remote code execution. The issue affects the opj mqc flush function in lib/openjp2/mqc.c and the opj t1 encode cblk function in lib/openjp2/t1.c.

Recommendations For OpenJPEG version 2.2.0, consider updating to a newer version that contains a fix for this issue, as the current version may allow for remote denial of service or possibly remote code execution due to the heap-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.